--- loncom/auth/lonacc.pm 2008/11/25 14:19:07 1.121 +++ loncom/auth/lonacc.pm 2011/08/09 01:35:31 1.137 @@ -1,7 +1,7 @@ # The LearningOnline Network # Cookie Based Access Handler # -# $Id: lonacc.pm,v 1.121 2008/11/25 14:19:07 jms Exp $ +# $Id: lonacc.pm,v 1.137 2011/08/09 01:35:31 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -156,7 +156,7 @@ sub get_posted_cgi { for ($i=0;$i<=$#lines;$i++) { if ($lines[$i]=~/^--\Q$contentsep\E/) { if ($name) { - chomp($value); + $value=~s/[\r\n]+$//; if (ref($fields) eq 'ARRAY') { next if (!grep(/^\Q$name\E$/,@{$fields})); } @@ -238,10 +238,11 @@ sub upload_size_allowed { if ($name =~ /^HWFILE(\w+)$/) { my $ident = $1; my $item = 'HWFILESIZE'.$ident; - &Apache::loncommon::add_to_env("form.$item",$size); + my $savesize = sprintf("%.6f",$size); + &Apache::loncommon::add_to_env("form.$item",$savesize); my $maxsize= &Apache::lonnet::EXT("resource.$ident.maxfilesize"); if (!$maxsize) { - $maxsize = 100.0; + $maxsize = 10.0; # FIXME This should become a domain configuration. } if ($size > $maxsize) { my $warn = 'HWFILETOOBIG'.$ident; @@ -277,12 +278,29 @@ sub sso_login { my ($user) = ($r->user =~ m/([a-zA-Z0-9_\-@.]*)/); - my $domain = $r->dir_config('lonDefDomain'); + my $query = $r->args; + my %form; + if ($query) { + my @items = ('role','symb'); + &Apache::loncommon::get_unprocessed_cgi($query,\@items); + foreach my $item (@items) { + if (defined($env{'form.'.$item})) { + $form{$item} = $env{'form.'.$item}; + } + } + } + + my $domain = $r->dir_config('lonSSOUserDomain'); + if ($domain eq '') { + $domain = $r->dir_config('lonDefDomain'); + } my $home=&Apache::lonnet::homeserver($user,$domain); if ($home !~ /(con_lost|no_host|no_such_host)/) { &Apache::lonnet::logthis(" SSO authorized user $user "); - if ($r->dir_config("lonBalancer") eq 'yes') { - # login but immeaditly go to switch server to find us a new + my ($is_balancer,$otherserver) = + &Apache::lonnet::check_loadbalancing($user,$domain); + if ($is_balancer) { + # login but immediately go to switch server to find us a new # machine &Apache::lonauth::success($r,$user,$domain,$home,'noredirect'); $env{'request.sso.login'} = 1; @@ -290,7 +308,11 @@ sub sso_login { $env{'request.sso.reloginserver'} = $r->dir_config('lonSSOReloginServer'); } - $r->internal_redirect('/adm/switchserver'); + my $redirecturl = '/adm/switchserver'; + if ($otherserver ne '') { + $redirecturl .= '?otherserver='.$otherserver; + } + $r->internal_redirect($redirecturl); $r->set_handlers('PerlHandler'=> undef); } else { # need to login them in, so generate the need data that @@ -301,6 +323,11 @@ sub sso_login { 'server' => $r->dir_config('lonHostID'), 'sso.login' => 1 ); + foreach my $item ('role','symb') { + if (exists($form{$item})) { + $info{$item} = $form{$item}; + } + } if ($r->dir_config("ssodirecturl") == 1) { $info{'origurl'} = $r->uri; } @@ -351,7 +378,10 @@ sub handler { return OK; } - + if ($requrl =~ m{^/res/adm/pages/[^/]+\.(gif|png)$}) { + return OK; + } + my $handle = &Apache::lonnet::check_for_valid_session($r); my $result = &sso_login($r,$handle); @@ -359,11 +389,7 @@ sub handler { return $result; } - - if ($r->dir_config("lonBalancer") eq 'yes') { - $r->set_handlers('PerlResponseHandler'=> - [\&Apache::switchserver::handler]); - } + my ($is_balancer,$otherserver); if ($handle eq '') { $r->log_reason("Cookie $handle not valid", $r->filename); @@ -390,10 +416,39 @@ sub handler { } $env{'request.filename'} = $r->filename; $env{'request.noversionuri'} = &Apache::lonnet::deversion($requrl); + if ($requrl =~ m{^/adm/wrapper/ext/}) { + my $query = $r->args; + if ($query) { + my $preserved; + foreach my $pair (split(/&/,$query)) { + my ($name, $value) = split(/=/,$pair); + unless ($name eq 'symb') { + $preserved .= $pair.'&'; + } + } + $preserved =~ s/\&$//; + if ($preserved) { + $env{'request.external.querystring'} = $preserved; + } + } + } # -------------------------------------------------------- Load POST parameters &Apache::lonacc::get_posted_cgi($r); +# ------------------------------------------------------ Check if load balancer + + ($is_balancer,$otherserver) = + &Apache::lonnet::check_loadbalancing($env{'user.name'}, + $env{'user.domain'}); + if ($is_balancer) { + $r->set_handlers('PerlResponseHandler'=> + [\&Apache::switchserver::handler]); + if ($otherserver ne '') { + $env{'form.otherserver'} = $otherserver; + } + } + # ---------------------------------------------------------------- Check access my $now = time; if ($requrl !~ m{^/(?:adm|public|prtspool)/} @@ -412,8 +467,24 @@ sub handler { return OK; } if (($access ne '2') && ($access ne 'F')) { - $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied"; - return HTTP_NOT_ACCEPTABLE; + if ($requrl =~ m{^/res/}) { + $access = &Apache::lonnet::allowed('bro',$requrl); + if ($access ne 'F') { + if ($requrl eq '/res/lib/templates/simpleproblem.problem/smpedit') { + $access = &Apache::lonnet::allowed('bre','/res/lib/templates/simpleproblem.problem'); + if ($access ne 'F') { + $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied"; + return HTTP_NOT_ACCEPTABLE; + } + } else { + $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied"; + return HTTP_NOT_ACCEPTABLE; + } + } + } else { + $env{'user.error.msg'}="$requrl:bre:1:1:Access Denied"; + return HTTP_NOT_ACCEPTABLE; + } } } if ($requrl =~ m|^/prtspool/|) { @@ -436,6 +507,7 @@ sub handler { $env{'user.domain'} eq 'public' && $requrl !~ m{^/+(res|public|uploaded)/} && $requrl !~ m{^/adm/[^/]+/[^/]+/aboutme/portfolio$ }x && + $requrl !~ m{^/adm/blockingstatus/.*$} && $requrl !~ m{^/+adm/(help|logout|restrictedaccess|randomlabel\.png)}) { $env{'request.querystring'}=$r->args; $env{'request.firsturl'}=$requrl; @@ -445,14 +517,16 @@ sub handler { if ($env{'request.course.id'}) { &Apache::lonnet::countacc($requrl); $requrl=~/\.(\w+)$/; + my $query=$r->args; if ((&Apache::loncommon::fileembstyle($1) eq 'ssi') || - ($requrl=~/^\/adm\/.*\/(aboutme|navmaps|smppg|bulletinboard)(\?|$ )/x) || + ($requrl=~/^\/adm\/.*\/(aboutme|smppg|bulletinboard)(\?|$ )/x) || ($requrl=~/^\/adm\/wrapper\//) || ($requrl=~m|^/adm/coursedocs/showdoc/|) || ($requrl=~m|\.problem/smpedit$|) || - ($requrl=~/^\/public\/.*\/syllabus$/)) { + ($requrl=~/^\/public\/.*\/syllabus$/) || + ($requrl=~/^\/adm\/(viewclasslist|navmaps)$/) || + ($requrl=~/^\/adm\/.*\/aboutme\/portfolio(\?|$)/)) { # ------------------------------------- This is serious stuff, get symb and log - my $query=$r->args; my $symb; if ($query) { &Apache::loncommon::get_unprocessed_cgi($query,['symb']); @@ -466,7 +540,9 @@ sub handler { 'last_known' =>[$murl,$mid]); } elsif ((&Apache::lonnet::symbverify($symb,$requrl)) || (($requrl=~m|(.*)/smpedit$|) && - &Apache::lonnet::symbverify($symb,$1))) { + &Apache::lonnet::symbverify($symb,$1)) || + (($requrl=~m|(.*/aboutme)/portfolio$|) && + &Apache::lonnet::symbverify($symb,$1))) { my ($map,$mid,$murl)=&Apache::lonnet::decode_symb($symb); &Apache::lonnet::symblist($map,$murl => [$murl,$mid], 'last_known' =>[$murl,$mid]); @@ -478,6 +554,9 @@ sub handler { return HTTP_NOT_ACCEPTABLE; } } else { + if ($requrl=~m{^(/adm/.*/aboutme)/portfolio$}) { + $requrl = $1; + } $symb=&Apache::lonnet::symbread($requrl); if (&Apache::lonnet::is_on_map($requrl) && $symb && !&Apache::lonnet::symbverify($symb,$requrl)) { @@ -499,8 +578,31 @@ sub handler { # ------------------------------------------------------- This is other content &Apache::lonnet::courseacclog($requrl); } + my $cdom = $env{'course.'.$env{'request.course.id'}.'.domain'};; + my $cnum = $env{'course.'.$env{'request.course.id'}.'.num'};; + if ($requrl =~ m{^/+uploaded/\Q$cdom\E/\Q$cnum\E/docs/.+\.html?$}) { + if (&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) { + if ($query) { + &Apache::loncommon::get_unprocessed_cgi($query,['forceedit']); + if ($env{'form.forceedit'}) { + $env{'request.state'} = 'edit'; + } + } + } + } } return OK; + } else { + my $defdom=$r->dir_config('lonDefDomain'); + ($is_balancer,$otherserver) = + &Apache::lonnet::check_loadbalancing(undef,$defdom); + if ($is_balancer) { + $r->set_handlers('PerlResponseHandler'=> + [\&Apache::switchserver::handler]); + if ($otherserver ne '') { + $env{'form.otherserver'} = $otherserver; + } + } } # -------------------------------------------- See if this is a public resource if ($requrl=~m|^/+adm/+help/+|) { 500 Internal Server Error

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator at root@localhost to inform them of the time this error occurred, and the actions you performed just before this error.

More information about this error may be available in the server error log.